[Intel-gfx] [PATCH] drm/i915: Fix null pointer dereference in ring cleanup code
Dave Gordon
david.s.gordon at intel.com
Mon Nov 3 18:16:45 CET 2014
On 31/10/14 14:52, Damien Lespiau wrote:
> On Fri, Oct 31, 2014 at 12:00:26PM +0000, John.C.Harrison at Intel.com wrote:
>> From: John Harrison <John.C.Harrison at Intel.com>
>>
>> If a ring failed to initialise for any reason then the error path would try to
>> clean up all rings including those that had not yet been allocated. The ring
>> clean up code did a check that the ring was valid before starting its work.
>> Unfortunately, that was after it had already dereferenced the ring to obtain a
>> dev_private pointer.
>>
>> Signed-off-by: John Harrison <John.C.Harrison at Intel.com>
>
> This looks good to me.
>
> Reviewed-by: Damien Lespiau <damien.lespiau at intel.com>
And simpler than the version I previously posted, as that would have
had to have another test added for each new ring in future hardware.
However I think the description above is slightly misleading, as the
problem wasn't dereferencing "ring" but "ring->dev". "ring" is always
non-NULL (it's the address of a member of an array inside dev_priv),
but the backpointer "ring->dev" is only filled in during ring
initialisation.
.Dave.
More information about the Intel-gfx
mailing list